When LAN-to-LAN and when 1-to-LAN.

Sorry guys,

maybe the question has already been posted, but I would like to clearly distinguish whether the following scenario could accept both solutions or whether I need, without any doubt, the LAN-to-LAN.

Imagine you have 2 LANs or 2 groups of LANs (say A, which offers services, and the other one (B), which accesses A's resources) located behind 2 devices doing NAT: it is quite simple, that's the most common scenario.

Would it be possible to use software clients installed on workstations belonging to network B to access the same endpoint (the public endpoint of LAN A) using IPsec? I don't think so, because IPsec uses UDP port 500 as the source port, and traffic coming from the same public IP will have packets authenticated in different manners. So the A endpoint will think that someone is trying to substitute for the first endpoint that initiated the tunnel.

Please tell me whether my idea is wrong or not. We have been giving services to our customers, and we have been facing their lack of understanding of the reason we want to install routers at their site (if they don't have any devices that permit building a VPN, or they don't have the knowledge to do that) when they have more than one workstation that needs to access our resources.

I apologize for my English, but if you have some documents that explain what I wrote about, reporting why someone needs to have a LAN-to-LAN scenario instead of a lot of software clients, I would really appreciate it.

Many thanks
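The post asks whether several IPsec software clients behind a single NAT device can all reach the same gateway. The mechanism that makes this work in practice is IPsec NAT traversal (RFC 3947 and RFC 3948): once both ends detect a NAT, IKE and ESP move to UDP port 4500, the NAT may rewrite each client's source port independently, and the gateway tells peers apart by the tuple (source address, source port, SPI) rather than by address alone. On UDP 4500, an IKE message starts with a four-byte all-zero "non-ESP marker", an ESP packet starts directly with its SPI (which RFC 4303 never allows to be zero), and a one-byte 0xFF datagram is a NAT keepalive. The example below is added here and is not part of the original post; it demultiplexes constructed UDP/4500 datagrams from two hypothetical clients behind one public address (203.0.113.10, with NAT-assigned ports 4500 and 4501) and shows that the gateway sees two distinct tunnels, not one peer impersonating another.

```python
"""Demultiplex NAT-T (UDP/4500) datagrams the way an IPsec gateway does.

Added teaching example, not code from the original post. The source
addresses, ports and SPIs below are constructed sample values.
"""
import struct
from dataclasses import dataclass
from typing import Dict, Iterable, Set, Tuple

NON_ESP_MARKER = b"\x00\x00\x00\x00"   # RFC 3948 2.2: IKE over UDP 4500
NAT_KEEPALIVE = b"\xff"                # RFC 3948 2.3: one-byte keepalive
IKE_HEADER_LEN = 28                    # RFC 7296 3.1 fixed header size


@dataclass(frozen=True)
class PeerKey:
    """What the gateway uses to tell NAT-T peers apart."""
    src_ip: str
    src_port: int
    kind: str      # "ike" or "esp"
    spi: bytes     # 8-byte IKE initiator SPI or 4-byte ESP SPI


def classify_natt_datagram(payload: bytes) -> Tuple[str, bytes]:
    """Return (kind, spi) for one UDP/4500 payload.

    kind is "keepalive", "ike" or "esp". For IKE the spi is the initiator
    SPI from the IKE header; for ESP it is the 4-byte ESP SPI.
    """
    if payload == NAT_KEEPALIVE:
        return ("keepalive", b"")
    if len(payload) < 8:
        raise ValueError("datagram too short for ESP or IKE")
    if payload[:4] == NON_ESP_MARKER:
        ike = payload[4:]
        if len(ike) < IKE_HEADER_LEN:
            raise ValueError("truncated IKE header")
        initiator_spi = ike[:8]
        return ("ike", initiator_spi)
    # ESP SPI 0 is reserved, so a non-zero first word means ESP-in-UDP.
    return ("esp", payload[:4])


def demux(datagrams: Iterable[Tuple[str, int, bytes]]) -> Dict[PeerKey, int]:
    """Count datagrams per (address, port, kind, SPI) tuple, skipping keepalives."""
    table: Dict[PeerKey, int] = {}
    for src_ip, src_port, payload in datagrams:
        kind, spi = classify_natt_datagram(payload)
        if kind == "keepalive":
            continue
        key = PeerKey(src_ip, src_port, kind, spi)
        table[key] = table.get(key, 0) + 1
    return table


def distinct_tunnels_from(table: Dict[PeerKey, int], src_ip: str) -> Set[int]:
    """Source ports in use from one public address: one per client behind that NAT."""
    return {k.src_port for k in table if k.src_ip == src_ip}


def ike_header(initiator_spi: bytes, responder_spi: bytes, message_id: int) -> bytes:
    """Build a minimal IKEv2 IKE_SA_INIT header (constructed sample, no payloads)."""
    next_payload, version, exchange_type, flags = 33, 0x20, 34, 0x08
    return struct.pack("!8s8sBBBBII", initiator_spi, responder_spi,
                       next_payload, version, exchange_type, flags,
                       message_id, IKE_HEADER_LEN)


def esp_packet(spi: int, seq: int) -> bytes:
    """ESP-in-UDP: SPI and sequence number followed by (dummy) ciphertext."""
    return struct.pack("!II", spi, seq) + b"\x00" * 16


# Constructed traffic: two clients behind NAT 203.0.113.10, which mapped
# them to source ports 4500 and 4501. Each has its own IKE SA and ESP SA.
SAMPLE_DATAGRAMS = [
    ("203.0.113.10", 4500, NON_ESP_MARKER + ike_header(b"\x01" * 8, b"\x00" * 8, 0)),
    ("203.0.113.10", 4501, NON_ESP_MARKER + ike_header(b"\x02" * 8, b"\x00" * 8, 0)),
    ("203.0.113.10", 4500, esp_packet(0xC0000001, 1)),
    ("203.0.113.10", 4501, esp_packet(0xC0000002, 1)),
    ("203.0.113.10", 4500, NAT_KEEPALIVE),
    ("203.0.113.10", 4500, esp_packet(0xC0000001, 2)),
]

if __name__ == "__main__":
    sessions = demux(SAMPLE_DATAGRAMS)
    for key, count in sessions.items():
        print(f"{key.src_ip}:{key.src_port} {key.kind} spi={key.spi.hex()} packets={count}")
    print("tunnels from 203.0.113.10:", sorted(distinct_tunnels_from(sessions, "203.0.113.10")))
```

The point for the scenario in the post is the lookup key: because the gateway indexes by port and SPI as well as address, a second client behind the same public IP lands in its own row instead of colliding with the first tunnel. Whether a site is better served by a site-to-site tunnel or by per-workstation clients is then a question of management and policy (one credential and one policy per site versus one per workstation), not of a protocol limitation, as long as both the clients and the gateway support NAT-T.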
